help with code injection

Anything Cheat Engine related, bugs, suggestions, helping others, etc..

help with code injection

Post by jessica93 »

Hello. I'm just learning how to use Cheat Engine, and I would like to learn how to use the "Auto Assemble" feature. For example, I want to enable CPU vs CPU in One Piece Burning Blood, but I can't find the correct address, or the game is blocking it. Below are examples of trainers with such a function for other fighting games. Can I use these codes in my game? What needs to be found and changed? Is it necessary to know the location of the desired object or function in order to change something in the game using code injection?
// Cheat Engine Auto Assembler script (x86-64 target) for StreetFighterV.exe.
// Enabling it hooks one instruction found by byte-pattern scan and replaces
// the value that instruction writes to [rdi+18C] with the constant 2.
// The pattern and the field offset are specific to this binary build; they
// are not expected to match any other game or another version of this one.
[ENABLE]
// Scan the StreetFighterV.exe module for the 7-byte pattern and bind the first
// match to the symbol cpuvs. The pattern must be unique within the module;
// a second match would hook the wrong site.
aobscanmodule(cpuvs,StreetFighterV.exe,89 9F 8C 01 00 00 41)
// Reserve $100 bytes for the detour, allocated near cpuvs so that the 5-byte
// relative jmp placed at the hook site can reach it.
alloc(newmem,$100,cpuvs)
registersymbol(cpuvs)
label(code)
label(return)
newmem:
code:
// Replacement for the hooked instruction. The original stored ebx into
// [rdi+18C]; the surrounding code (see the listing below) writes 1, 2 or 3
// into the same field, and this forces 2 unconditionally.
// NOTE(review): no operand size is written here, so the assembler's default
// width is relied on; the original instruction wrote 32 bits (ebx).
mov [rdi+0000018C],2
jmp return
cpuvs:
// The original instruction is 6 bytes (89 9F 8C 01 00 00). A 5-byte jmp plus
// one nop overwrite exactly that span, so the instruction that follows (the
// return: address) is left intact. The trailing 41 of the scan pattern is the
// first byte of the next instruction and is not overwritten.
jmp newmem
nop
return:
[DISABLE]
// Restore the original 6 bytes at the hook site, then release the symbol and
// the detour memory.
cpuvs:
db 89 9F 8C 01 00 00
unregistersymbol(cpuvs)
dealloc(newmem)
{
// ORIGINAL CODE - INJECTION POINT: "StreetFighterV.exe"+75D4B8
// (listing generated by Cheat Engine at script creation time; kept as the
//  reference for the byte counts used above)

"StreetFighterV.exe"+75D48C: FF C9 - dec ecx
"StreetFighterV.exe"+75D48E: 74 10 - je StreetFighterV.exe+75D4A0
"StreetFighterV.exe"+75D490: FF C9 - dec ecx
"StreetFighterV.exe"+75D492: 75 2A - jne StreetFighterV.exe+75D4BE
"StreetFighterV.exe"+75D494: C7 87 8C 01 00 00 03 00 00 00 - mov [rdi+0000018C],00000003
"StreetFighterV.exe"+75D49E: EB 1E - jmp StreetFighterV.exe+75D4BE
"StreetFighterV.exe"+75D4A0: C7 87 8C 01 00 00 02 00 00 00 - mov [rdi+0000018C],00000002
"StreetFighterV.exe"+75D4AA: EB 12 - jmp StreetFighterV.exe+75D4BE
"StreetFighterV.exe"+75D4AC: C7 87 8C 01 00 00 01 00 00 00 - mov [rdi+0000018C],00000001
"StreetFighterV.exe"+75D4B6: EB 06 - jmp StreetFighterV.exe+75D4BE
// ---------- INJECTING HERE ----------
"StreetFighterV.exe"+75D4B8: 89 9F 8C 01 00 00 - mov [rdi+0000018C],ebx
// ---------- DONE INJECTING ----------
"StreetFighterV.exe"+75D4BE: 41 8B 45 28 - mov eax,[r13+28]
"StreetFighterV.exe"+75D4C2: 48 8D 4C 24 20 - lea rcx,[rsp+20]
"StreetFighterV.exe"+75D4C7: 48 8B D7 - mov rdx,rdi
"StreetFighterV.exe"+75D4CA: 89 87 90 01 00 00 - mov [rdi+00000190],eax
"StreetFighterV.exe"+75D4D0: 41 0F B6 45 2C - movzx eax,byte ptr [r13+2C]
"StreetFighterV.exe"+75D4D5: 88 44 24 20 - mov [rsp+20],al
"StreetFighterV.exe"+75D4D9: E8 F2 CB FF FF - call StreetFighterV.exe+75A0D0
"StreetFighterV.exe"+75D4DE: F3 41 0F 10 45 30 - movss xmm0,[r13+30]
"StreetFighterV.exe"+75D4E4: F3 0F 59 05 A4 A1 46 02 - mulss xmm0,[StreetFighterV.exe+2BC7690]
"StreetFighterV.exe"+75D4EC: F3 0F 2C C0 - cvttss2si eax,xmm0
}
// Cheat Engine Auto Assembler script (x86-64 target) for DBXV2.exe.
// It hooks the instruction that loads a float from [rbx+F8] and, depending on
// two one-byte flags (FULL_HP, BACK_to_Normal) that are exported by name,
// either re-executes that load or substitutes a different field and zeroes
// xmm6 before returning to the game code.
[ENABLE]

// Scan DBXV2.exe for the 10-byte pattern and bind the first match to
// CPU_VS_CPU. Only the first 8 bytes are overwritten below; the trailing
// 0F 57 belong to the next instruction (xorps xmm3,xmm3) and only make the
// pattern more selective.
aobscanmodule(CPU_VS_CPU,DBXV2.exe,F3 0F 10 83 F8 00 00 00 0F 57) // should be unique
// Reserve $1000 bytes for the detour near the hook site.
// NOTE(review): the near-allocation hint is a fixed module offset rather than
// the scanned symbol, so it is the one line that does not follow the scan if
// the instruction moves in a later build; alloc(newmem,$1000,CPU_VS_CPU)
// would keep both in step.
alloc(newmem,$1000,"DBXV2.exe"+155C11)
label(code)
label(originalcode)
label(return)
label(BACK_to_Normal)
label(FULL_HP)
newmem:
// Detour entry. Register state at the hook site, from the listing below:
//   rbx  = object pointer (mov rbx,rcx earlier in the function)
//   xmm6 = copy of xmm1; after the hook returns the game does
//          maxss xmm6,xmm3 and subss xmm0,xmm6, then stores xmm0 to [rbx+F8]
// NOTE(review): the compares and stores on [rbx+44] / [rbx+50] carry no
// operand size, so the assembler's default width is relied on; the intended
// width of those fields is not visible here - confirm against the structure.
cmp [rbx+44],0
jne originalcode
mov [rbx+50],1
cmp byte ptr[FULL_HP],1
je code
cmp byte ptr [BACK_to_Normal],0
je originalcode
mov [rbx+50],0
cmp byte ptr[FULL_HP],0
je originalcode
code:
// Modified path: load [rbx+FC] instead of [rbx+F8], and zero xmm6 so the
// subss xmm0,xmm6 executed by the game after return subtracts nothing.
movss xmm0,[rbx+000000FC]
xorps xmm6,xmm6
cmp byte ptr [BACK_to_Normal],0
je return
mov [rbx+50],0
jmp return

originalcode:
// Unmodified behaviour: re-execute the instruction the jmp overwrote.
movss xmm0,[rbx+000000F8]
jmp return
// One-byte flags stored inside the allocated block; registered below so the
// cheat table can address them by name.
BACK_to_Normal:
db 0
FULL_HP:
db 0
CPU_VS_CPU:
// The original instruction is 8 bytes (F3 0F 10 83 F8 00 00 00); a 5-byte
// jmp plus 3 nops cover exactly that span.
jmp newmem
nop 3
return:
registersymbol(CPU_VS_CPU)
registersymbol(BACK_to_Normal)
registersymbol(FULL_HP)
[DISABLE]

// Restore the original 8 bytes at the hook site, then release the symbols
// and the detour memory.
CPU_VS_CPU:
db F3 0F 10 83 F8 00 00 00

unregistersymbol(CPU_VS_CPU)
dealloc(newmem)
unregistersymbol(BACK_to_Normal)
unregistersymbol(FULL_HP)
{
// ORIGINAL CODE - INJECTION POINT: "DBXV2.exe"+155C11
// (listing generated by Cheat Engine at script creation time; kept as the
//  reference for the register roles and byte counts used above)

"DBXV2.exe"+155BEA: 0F 29 74 24 30 - movaps [rsp+30],xmm6
"DBXV2.exe"+155BEF: 41 8B F9 - mov edi,r9d
"DBXV2.exe"+155BF2: 0F 29 7C 24 20 - movaps [rsp+20],xmm7
"DBXV2.exe"+155BF7: 0F 28 F1 - movaps xmm6,xmm1
"DBXV2.exe"+155BFA: 0F 28 FA - movaps xmm7,xmm2
"DBXV2.exe"+155BFD: 48 8B D9 - mov rbx,rcx
"DBXV2.exe"+155C00: E8 0B 1B 00 00 - call DBXV2.exe+157710
"DBXV2.exe"+155C05: 83 C0 FE - add eax,-02
"DBXV2.exe"+155C08: 83 F8 01 - cmp eax,01
"DBXV2.exe"+155C0B: 0F 86 86 00 00 00 - jbe DBXV2.exe+155C97
// ---------- INJECTING HERE ----------
"DBXV2.exe"+155C11: F3 0F 10 83 F8 00 00 00 - movss xmm0,[rbx+000000F8]
// ---------- DONE INJECTING ----------
"DBXV2.exe"+155C19: 0F 57 DB - xorps xmm3,xmm3
"DBXV2.exe"+155C1C: F3 0F 5F F3 - maxss xmm6,xmm3
"DBXV2.exe"+155C20: 33 C0 - xor eax,eax
"DBXV2.exe"+155C22: F3 0F 5C C6 - subss xmm0,xmm6
"DBXV2.exe"+155C26: F3 0F 11 83 F8 00 00 00 - movss [rbx+000000F8],xmm0
"DBXV2.exe"+155C2E: 85 FF - test edi,edi
"DBXV2.exe"+155C30: 74 06 - je DBXV2.exe+155C38
"DBXV2.exe"+155C32: 89 83 00 01 00 00 - mov [rbx+00000100],eax
"DBXV2.exe"+155C38: 0F 2F C3 - comiss xmm0,xmm3
"DBXV2.exe"+155C3B: 73 0E - jae DBXV2.exe+155C4B
}


Re: help with code injection

Post by Toga »

hi there
this isn't meant in a bad way
but have you done the CE tutorials?

q - Can I use these codes in my game?
a - no, you can't: those opcodes are specific to that game and version

q - Is it necessary to know the location of the desired object or function in order to change something in the game using code injection?
a - yes it is... otherwise you are changing something unknown, which could crash the game, corrupt your save... change your gender


Re: help with code injection

Post by jessica93 »

thank you


Re: help with code injection

Post by Algester »

For this use case, so you understand exactly what is happening to begin with:

StreetFighterV.exe, 89 9F 8C 01 00 00 41

this AoB is relevant

you first search for the AoB
89 9F 8C 01 00 00 41

and then in the memory scan options make sure you are pointing at StreetFighterV.exe,
and you may or may not need to tick the Writable checkbox

once Cheat Engine gives you a search result, go to the list of results (if it's only one then it's easier) and press Ctrl+D on it (basically opening the memory view). From there you can keep using "what addresses does this access" (basically the inverse of what you typically do, where we start with an address and find the opcode); here we are finding addresses based on the opcode.

Looking at your example for StreetFighterV: once you have generated the address, you can right-click it and choose Dissect structure. From there look at offset 18C, since that is where your sample script is injecting (for whatever reason), but there may be other relevant values in the structure that you would like to use.
